[openssl-users] calloc vs kssl_calloc

Geoffrey Coram gjcoram at gmail.com
Mon Sep 26 16:32:58 UTC 2016

On 09/26/2016 12:11, Benjamin Kaduk <bkaduk at akamai.com> wrote:
> On 09/26/2016 11:01 AM, Salz, Rich wrote:
> > Kssl_calloc calls openssl_malloc which means the data must be 
> free'd with openssl_free. And in debug builds any non-free'd data is
> a leak and reported.  Ton line 875 the data is allocated and never 
> free'd, so it skips the leak detection.   In some of those other 
> places, perhaps it's because the KRB API needs something it can free
> or realloc?  I'm not sure.
> >
> It doesn't look like the allocated memory is used as input to a krb5
> routine, so I think it's just a bug.
> -Ben

As it turns out, that wasn't the code that was giving me trouble in my

Instead, it's the code in crypto\LPdir_win.c, which is included via 
crypto\LPdir_wince.c, which is included in crypto\o_dir.c

I found a portability tip on the web that says not to use malloc or 
calloc in Windows CE applications.  (Actually, Google found me a 
result in the book "Making Win32 Applications Mobile" by Nancy 

I've cc'ed Richard Levitte, who is credited for LPdir_win.c, perhaps 
he can comment on whether LocalAlloc would be an appropriate 


More information about the openssl-users mailing list